Use Intel® DnX to read Part ID and inject debug token in UI

1. Start and setup Intel® System Debugger to use the correct target

   If the target is connected via a debug probe and can be enumerated follow the auto detection steps.

   If the target is already in Intel® DnX mode or not connected via a debug probe follow the Manually select target steps.

   Note:

   When performing connection selection un-check Hide disconnected probes to select the expected debug probe. If no debug connection is required afterwards continue with Offline.

   For debug token creation only, Crash Log / System Debug / System Trace support can be disabled (optionally) Click Finish

1. Click the gear icon to open connection editor

1. Scroll to Target Information and click Create Token

1. Boot platform into Intel® DnX mode

   What triggers are supported to enter Intel® DnX mode depend on the specific platform and vendor choices.

2. Follow generic Create Token instructions to configure the debug token. Don’t fetch another Part ID using the UI!

3. Open a cmd window side by side to the Debug Token Creation Window to fetch Part ID from Intel® DnX

   1. Open CMD window and navigate to the Intel® System Debugger installation

   2. Run isd_​env.bat to source the Intel® System Debugger environment

   3. Run ipython

      import intel.dnx as dnx
      
      # Enumerate Intel® DnX and Configure Device
      # ---------------------
      
      # Get available Intel® DnX devices
      devices = dnx.get_devices()
      # We expect to have only one device connected
      device = devices[0]
      
      # Configure platform / firmware specific Intel® DnX Module
      device.set_dnx_fw_module("C:\\fw_upload_demo\\DNXP_0x1.bin")
      
      # Get Part ID
      pid = device.get_part_id()
      
      print(pid)
      

   4. Keep the cmd window open to continue with the debug token injection afterwards

4. Copy the Part ID to the Debug Token Creation Window

   

5. Click Generate to create the Debug Token

   Note:

   Using a short path without spaces is recommended to simplify selection in Python for injection afterwards.

6. Inject the Debug Token using Intel® DnX

   1. Go back to the already running ipython session and run:

      device.inject_debug_token("C:/fw_upload_demo/token_mtl_m_1687447606601.bin")
      

7. Power Cycle Platform without Intel® DnX Trigger to apply / use Debug Token

Use Intel® DnX to read Part ID and inject debug token in CLI

1. Boot platform into Intel® DnX mode

   What triggers are supported to enter Intel® DnX mode depend on the specific platform and vendor choices.

2. Create Debug Token, read part ID and inject the debug token via Intel® DnX

   1. Open CMD window and navigate to the Intel® System Debugger installation

   2. Run isd_​env.bat to source the Intel® System Debugger environment

   3. Run ipython

      import intel.dnx as dnx
      import intel.dtl as dtl
      import pathlib
      import os
      
      # Enumerate Intel® DnX and Configure Device
      # ---------------------
      
      # Get available Intel® DnX devices
      devices = dnx.get_devices()
      # We expect to have one device connected
      device = devices[0]
      
      # Configure platform / firmware specific Intel® DnX module
      device.set_dnx_fw_module("C:\\fw_upload_demo\\DNXP_0x1.bin")
      
      # Get Part ID
      pid = device.get_part_id()
      
      # Generate OEM Debug Token Using Debug Token Library
      token = dtl.Token.from_config(dtl.TOKEN_CONFIGS.MTLM_OEM_UNLOCK_TOKEN)
      
      # Configure knobs
      token.knob(dtl.TOKEN_KNOBS.OEM_UNLOCK).value = 1
      token.knob(dtl.TOKEN_KNOBS.CSE_TRACING).value = 1
      
      # Add part ID to the token (see snippet above)
      token.part_ids.append(dtl.PartID(pseudonym=int(pid.pseudonym, 16), nonce=pid.nonce, time_base=pid.timestamp))
      
      # Use a private key file to sign token
      token.sign_method = dtl.signing.LocalKey("C:\\fw_upload_demo\\MTL_OEM_KM.pem")
      
      token.to_file("C:\\fw_upload_demo\\mtlm_oem_token.bin")
      
      # Inject Debug Token
      device.inject_debug_token("C:\\fw_upload_demo\\mtlm_oem_token.bin")
      

3. Power cycle platform without Intel® DnX trigger to start the normal boot flow and apply / use Debug Token

Use Intel® DnX to download firmware in CLI

1. Prepare OEMKeyManifest and Intel® DnX Firmware Image

   This is only a quick summary of the steps to actually do the preparation. There will be a detailed Intel® DnX User Guide compatible with Intel® System Debugger after the PoC phase.

   Check the Signing and Manifesting User Guide for more information about how to generate an own private key and include it into the firmware.

   These documents and the mentioned tools are available in the Intel® CSME firmware kit.

   Setup OEMKeyManifest

   1. Use Intel® MEU tool to create OEMKeyManifest template

   2. Add “OemDnxIfwiManifest” and “OemDebugManifest” into OEMKeyManifest.xml

   3. Use Intel® MEU tool to generate a signed OEMKeyManifest binary

   4. Update Intel® IFWI using Intel® MFIT to include OEMKeyManifest

   Create Intel® DnX Firmware Image

   1. Open Intel® MFIT tool

   2. Select Intel® <platform> - Intel® DnX Recovery Image Layout

   3. Configure all fields and generate a Intel® DnX Firmware Recovery Image

2. Boot platform into Intel® DnX mode

   What triggers are supported to enter Intel® DnX mode depend on the specific platform and vendor choices.

3. Authorize and download Intel® DnX Firmware Recovery Image

   1. Open CMD window and navigate to the Intel® System Debugger installation

   2. Run isd_​env.bat to source the Intel® System Debugger environment

   3. Run ipython

      import intel.dnx as dnx
      import intel.dtl as dtl
      import os
      
      # Enumerate Intel® DnX and Configure Device
      # ---------------------
      
      # Get available Intel® DnX devices
      devices = dnx.get_devices()
      # We expect to have one device connected
      device = devices[0]
      
      # Configure platform / firmware specific Intel® DnX Module
      device.set_dnx_fw_module("C:\\fw_upload_demo\\DNXP_0x1.bin")
      
      # Prepare Firmware Upload
      # -----------------------
      
      # Download OEM Key Manifest, required to authenticate following binaries
      device.download_oem_key_manifest("C:\\fw_upload_demo\\OEMKeyManifest_signed.bin")
      
      # Get Part ID
      pid = device.get_part_id()
      
      # Create Intel® DnX Capabilities Token (flags are configured to be executed only once)
      token = dtl.Token.from_config(dtl.TOKEN_CONFIGS.MTLM_OEM_UNLOCK_TOKEN)
      token.flags = 9
      token.part_ids.append(dtl.PartID(pseudonym=int(pid.pseudonym, 16), nonce=pid.nonce, time_base=pid.timestamp))
      token.knob(dtl.TOKEN_KNOBS.DNX_CAPABILITY).value = 31
      token.sign_method = dtl.signing.LocalKey("C:\\fw_upload_demo\\MTL_OEM_KM.pem")
      token.to_file("C:\\fw_upload_demo\\dnx_capabilities_token.bin")
      
      # Inject Intel® DnX Capabilities Token
      device.inject_capabilities_token("C:\\fw_upload_demo\\dnx_capabilities_token.bin")
      
      # Download Intel® DnX Firmware Recovery Image
      # ------------------------------------
      
      # This takes time (~5 min for a 32 MB image on MTL-P)
      device.write_firmware("C:\\fw_upload_demo\\dnx_recovery_image.bin")
      
      # Manually reboot platform